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1 . Real Party In Interest. 

The real party in interest is Hewlett-Packard Development Company, LP, a 
limited partnership established under the laws of the State of Texas and having a 
principal place of business at 20555 S.H. 249 Houston, TX 77070, U.S.A. (hereinafter 
"HPDC"). HPDC is a Texas limited partnership and is a wholly-owned affiliate of 
Hewlett-Packard Company, a Delaware Corporation, headquartered in Palo Alto, CA. 
The general or managing partner of HPDC is HPQ Holding, LLC. 

2. Related Appeals And Interferences. 

There are no other appeals or interferences known to Appellants, Appellants' 
legal representative or the Assignee which will affect or be directly affected by or have a 
bearing on the Board's decision in the pending appeal. 

3. Status Of Claims. 

Claims 1-25 are pending. Claims 1-7, 9-15, and 17-25 stand rejected. Claims 8 
and 16 have been deemed allowable but stand rejected to as being dependent from a 
rejected base claim. All pending rejected claims are appealed. 

4. Status Of Amendments. 

No amendments to the Specification or Claims have been filed after the final 
action was entered. A revised set of formal drawings has been submitted in which the 
textual label for reference number 28 in Figure 2 has been changed to "ASSOCIATION 
MODULE." All other previous amendments have been entered. 

5. Summary Of Claimed Subject Matter. 

Claim 1 recites a method for locating a resource in a computer network that 
includes providing an interface having instructions to send association data. See, e.g., 
Specification, paragraph [0038]. An identity service is identified using the association 
data. See, e.g., Specification, paragraphs [0040] and [0041]. The identity service 
manages resource data. See, e.g., Specification, paragraphs [0040] and [0041]. The 
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resource is located using the resource data. See, e.g., Specification, paragraph [0043]. 

Claim 5 recites a method for locating a resource for a user in a computer network 
where that method includes providing an interface having instructions to send 
association data to two or more association services. See, e.g., Specification, 
paragraph [0038]. From the two or more association services, an association service 
with which the user has established a relationship is identified. See, e.g., Specification, 
paragraph [0040]. Using the association data sent to the identified association service, 
an identity service is identified. See, e.g., Specification, paragraphs [0040] and [0041]. 
The identity service manages resource data. See, e.g., Specification, paragraphs 
[0040] and [0041]. The resource is located using the resource data. See, e.g., 
Specification, paragraph [0043]. 

Claim 6 recites a method for locating a resource in a computer network that 
includes providing a web page having instructions to request a web bug. See, e.g., 
Specification, paragraph [0036]. The web bug is requested by sending a cookie and an 
URL for the web page. See, e.g., Specification, paragraph [0036]. The cookie and the 
URL are saved for the web page as an entry in an association table. See, e.g., 
Specification, paragraph [0036]. Providing the URL for the web page, the association 
table is queried for the cookie in the entry containing the URL. See, e.g., Specification, 
paragraphs [0040] and [0041]. Other entries in the association table containing the 
cookie are identified. See, e.g., Specification, paragraphs [0040] and [0041]. From 
those entries an entry containing an URL for an identification service is identified. See, 
e.g., Specification, paragraphs [0040] and [0041]. The identification service manages 
resource data. See, e.g., Specification, paragraphs [0040] and [0041]. The resource is 
located using the resource data. See, e.g., Specification, paragraph [0043]. 

Claim 7 recites a method for producing an electronic document where that 
method includes generating, upon request from a user, a web page having content for 
requesting a web bug from an association service as well as content for displaying 
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controls for selecting production options. See, e.g., Specification, paragraphs [0045]- 
[0049]. Providing an URL for the generated web page, the association service is 
queried to identify an identity service with which the user is registered. See, e.g., 
Specification, paragraphs [0045]-[0049]. The user's resource data is obtained from the 
identified identity service. See, e.g., Specification, paragraphs [0045]-[0049]. A 
document management service is located and accessed using the resource data. See, 
e.g., Specification, paragraphs [0045]-[0049]. Additional content for the web page is 
provided for displaying controls for selecting a document managed by the document 
management service. See, e.g., Specification, paragraphs [0045]-[0049]. A document 
is produced according to selections made through the web page. See, e.g., 
Specification, paragraphs [0045]-[0049]. 

Claim 9 recites a computer readable medium having instructions for 
implementing various acts. Those acts include (1) providing an interface having 
instructions to send association data; (2) identifying an identity service using the 
association data, the identity service managing resource data; and (3) locating a 
resource using the resource data. See, e.g., Specification, paragraphs [0038]-[0043]. 

Claim 13 recites a computer readable medium having instructions for performing 
various acts. Those acts include (1) providing an interface having instructions to send 
association data to two or more association services; (2) identifying from the two or 
more association services, an association service with which a user has established a 
relationship; (3) identifying an identity service using the association data sent to the 
identified association service, the identity service managing resource data; and (4) 
locating a resource for the user using the resource data. See, e.g., Specification, 
paragraphs [0038]-[0043]. 

Claim 14 recites a computer readable medium having instructions for performing 
various acts. Those acts include (1 ) providing a web page having instructions to 
request a web bug; (2) requesting the web bug sending a cookie and an URL for the 
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web page; (3) saving the cookie and the URL for the web page as an entry in an 
association table; (4) querying, providing the URL for the web page, the association 
table for the cookie in the entry containing the URL; (5) identifying another entries in the 
association table containing the cookie; (6) identifying, from those entries, the entry 
containing an URL for an identification service, the identification service managing 
resource data; and (7) locating a resource using the resource data. See, e.g., 
Specification, paragraphs [0036]-[0043]. 

Claim 15 recites a computer readable medium having instructions for performing 
various tasks. Those tasks include generating, upon request from a user, a web page 
having content for requesting a web bug from an association service as well as content 
for displaying controls for selecting production options and querying the association 
service to identify an identity service with which the user is registered providing an URL 
for the generated web page. See, e.g., Specification, paragraphs [0045]-[0049]. The 
tasks include obtaining the user's resource data from the identified identity service and 
locating and accessing a document management service using the resource data. See, 
e.g., Specification, paragraphs [0045]-[0049]. The tasks also include providing 
additional content for the web page for displaying controls for selecting a document 
managed by the document management service and producing a document according 
to selections made through the web page. See, e.g., Specification, paragraphs [0045]- 
[0049]. 

Claim 17 recites a system for locating a resource that includes an association 
module and an application. See, e.g., Specification, paragraph [0024]. The association 
module is operable to query an association service, supplying a session identifier, in 
order to identify an identity service managing resource data. See, e.g., Specification, 
paragraphs [0024]-[0026], [0027], and [0040]. The application is operable to (1) provide 
an interface having instructions to send association data to the association service, the 
association data to contain a client identifier and a session identifier for the provided 
interface; (2) acquire resource data from an identity service identified by a query from 
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the association module; and (3) locate the resource using the resource data. See, e.g., 
Specification, paragraphs [0038]-[0043]. 

Claim 19 recites a document production system that includes an association 
module and a document production application. See, e.g., Specification, paragraph 
[0024]. The association module is operable to query an association service, supplying a 
session identifier in order to identify an identity service managing resource data. See, 
e.g., Specification, paragraphs [0024]-[0026], [0027], and [0040]. The document 
production application is operable to perform various tasks. Those tasks include 
providing an interface having content for sending association data containing a session 
identifier for the provided interface to an association service as well as content for 
displaying controls for selecting production options. See, e.g., Specification, 
paragraphs [0045]-[0049]. The tasks include acquiring resource data from an identity 
service identifier identified by a query from the association module and locating and 
accessing a document management service using the resource data. See, e.g., 
Specification, paragraphs [0045]-[0049]. The tasks also include providing, for the 
interface, additional content for displaying controls for selecting a document managed 
by the document management service and producing a document according to 
selections made through the interface. See, e.g., Specification, paragraphs [0045]- 
[0049]. 

Claim 20 recites a system for locating a resource where that system includes an 
identity service, an association server, an association table interface, an association 
module, and an application. See, e.g., Specification, paragraphs [0024]-[0028]. The 
identity service is operable to manage resource data. See, e.g., Specification, 
paragraphs [0022] and [0026]. The association server is operable to receive 
association data containing a client identifier and a session identifier, save the 
association data in an association table, and receive queries for the association table. 
See, e.g., Specification, paragraph [0027]. The association table interface is in 
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communication with the association server and is operable, according to a received 
query, to access from the association table a session identifier for the identity service 
using a session identifier supplied with the query. See, e.g., Specification, paragraph 
[0027]. The association module is operable to query, supplying a session identifier, the 
association service in order to identify the identity service. See, e.g., Specification, 
paragraph [0040]. The application is operable to (1) provide an interface having 
instructions to send association data to an association server, the association data to 
contain a client identifier and a session identifier for the provided interface; (2) acquire 
resource data from the identity service identified by a query from the association 
module; and (3) locate the resource using the resource data. See, e.g., Specification, 
paragraphs [0038]-[0043]. 

Claim 22 recites a document production system that includes a document 
management service, an identity service, an association server, an association table 
interface, an association module, and a document production application. See, e.g., 
Specification, paragraphs [0024]-[0028] and [0044]. The identity service is operable to 
manage resource data for locating and accessing the document management service. 
See, e.g., Specification, paragraphs [0022] and [0026]. The association server is 
operable to receive association data containing a client identifier and a session 
identifier, save the association data in an association table, and receive queries for the 
association table. See, e.g., Specification, paragraph [0027]. The association table 
interface is in communication with the association server and is operable, according to a 
received query, to access from the association table a session identifier for the identity 
service using the session identifier supplied with the query. See, e.g., Specification, 
paragraph [0027]. The association module operable to query, supplying a session 
identifier, the association service in order to identify the identity service. See, e.g., 
Specification, paragraph [0040]. The a document production application operable to 
perform various tasks. Those tasks include providing an interface having content for 
sending association data containing a client identifier and a session identifier for the 
provided interface to an association service as well as content for displaying controls for 
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selecting production options. The tasks include acquiring resource data from an identity 
service using the session identifier for the identity service identified by a query from the 
association module and locating and access the document management service using 
the resource data. The tasks also include providing, for the interface, additional content 
for displaying controls for selecting a document managed by the document 
management service and producing a document according to selections made through 
the interface. See, e.g., Specification, paragraphs [0045]-[0049]. 

Claim 24 recites a system for locating a resource. That system includes a means 
for querying, supplying a session identifier, an association service in order to identify an 
identity service managing resource data. The system includes a means for providing an 
interface having instructions to send association data to the association service, the 
association data to contain a client identifier and a session identifier for the provided 
interface. The system also includes a means for acquiring resource data from an 
identity service identified by a query and a means for locating the resource using the 
resource data. See, e.g., Specification, paragraphs [0024]-[0028] and [0038]-[0043]. 

Claim 25 recites a document production system that includes a means for 
querying, supplying a session identifier, an association service in order to identify an 
identity service managing resource data. The system includes a means for providing an 
interface having content for sending association data containing a session identifier for 
the provided interface to the association service as well as content for displaying 
controls for selecting production options. The system includes a means for acquiring 
resource data from an identity service identifier identified by a query. The system 
includes a means for locating and accessing a document management service using 
the resource data. The system also includes a means for providing, for the interface, 
additional content for displaying controls for selecting a document managed by the 
document management service and a means for producing a document according to 
selections made through the interface. See, e.g., Specification, paragraphs [0024]- 
[0028] and paragraphs [0045]-[0049]. 
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6. Grounds For Rejection To Be Reviewed. 

A. Claims 9 and 13-15 stand rejected under 35 USC §101 as being directed 
to non-statutory subject matter. 

B. Claims 1 -3, 5, 9-11, 13, 17, 18, 20, 21, and 24 stand rejected under 35 
USC §102 as being anticipated by US Pub 2003/0074580 to Knouse. 

C. Claims 4, 6, 12, and 14 stand rejected under 35 USC §103 as being 
unpatentable over US Pub 2003/0074580 to Knouse in view of US Pub 2004/0015580 
to Lu. 

7. Argument. 

Grounds For Rejection A - Claims 9 and 13-15 stand rejected under 35 USC 
§101 as being directed to non-statutory subject matter. 

The preamble of each of Claims 9, and 13-15 recites a computer readable 
medium having instructions for performing various tasks. One can infer from such a 
preamble, that the claims the computer can read the recited instructions and be caused 
to perform the recited tasks. 

Rejecting Claims 9 and 13-15, the Examiner simply quotes 35 USC §101 and 
makes the following statement at page 4 of the last Office Action: 

Claims 9, 13-15 are rejected under 35 U.SC. 101 because the disclosed 
invention is inoperative and therefore lacks utility. Claims 9, 13-15 should 
read in the preamble "a computer readable storage medium. 

The Examiner fails to explain just how the conclusion is reached that Claims 9 and 1 3- 
15 are "inoperable." As discussed above, each of these claims recites a physical object 
in the form of a computer readable medium. Each recites that the computer readable 
medium includes instructions for performs tasks. One cane easily infer that because 
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the medium is readable by a computer that the computer can perform those tasks upon 
reading the recited instructions. As such, each of the claims is operable and is directed 
to statutory subject matter. Furthermore, the applicant is confused as to just how the 
addition of the term "storage" to the preambles would make any difference. 



Grounds For Rejection B - Claims 1-3, 5, 9-11, 13, 17, 18, 20, 21, and 24 stand 
rejected under 35 USC §102 as being anticipated by US Pub 2003/0074580 to 
Knouse. 

Claim 1 is directed to a method for locating a resource and recites the following 

acts: 

1 . providing an interface having instructions to send association data; 

2. identifying an identity service using the association data, the identity 
service managing resource data; and 

3. locating the resource using the resource data. 

Citing Knouse, the Examiner contends that the act of providing an interface 
having instructions to send association data is taught by Knouse, para [0017]. That 
paragraph mentions nothing of providing an interface that has instructions for sending 
association data. Instead, that paragraph simply mentions that a request from a user to 
access a resource includes a cookie. The Examiner equates this cookie with the 
association data recited in Claim 1 . 

The Examiner then asserts that Knouse , para [0226] teaches the act of 
identifying an identity service using the association data. That paragraph is reproduced 
below to illustrate the Examiner's mistake. 

[0226] In one embodiment, the information stored by cookie 1450 
includes the authentication level 1452 of the authentication scheme used 
to create the cookie, the user ID 1454 of the authenticated user, the IP 
address 1456 of the authenticated user, and session start time 1458 
identifying the time at which cookie 1450 was created. If the time elapsed 
since the session start time 1458 exceeds a maximum session time, the 
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cookie will become invalid. Idle start time 1460 is also stored, which 
identifies the time when the previous HTTP request for a protected 
resource was made in which cookie 1450 was passed. If the time elapsed 
since the idle start time 1460 exceeds a maximum idle time, the cookie will 
become invalid. Both of these time limits force users to re-authenticate if 
they have left a session unattended for longer than the maximum session 
or idle times. Cookie 1450 also stores a secured hash 1462 of information 
1452, 1454, 1456, 1458, and 1460. In one embodiment of the present 
invention, secured hash 1462 is created using an MD5 hashing algorithm. 
Most Internet browsers cache a user's supplied authentication information 
during basic and certificate authentication challenge methods, and then 
transparently re-send the information upon receiving an authentication 
challenge from a Web Server. In one embodiment, an administrator can 
enable a form authentication challenge method requiring end users to re- 
authenticate upon expiration of the maximum session or maximum idle 
time limits. 



Knouse, para [0226]. 

The cited paragraph mentions that a cookie includes an authentication level, an 
authentication scheme, a user ID, the IP address of the user, a session start time, and 
an idle start time. An example of such a cookie is shown in Knouse's Fig. 37 
reproduced below. 



Authentication ievel 



User's IP address 



Session start time 



Idle start time 



■1452 
■1454 
-1456 
-1458 
■1460 
•1462 



FIG. 37 
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Plainly, Knouse's cookie does not include any information for identifying an identity 
service. As such Knouse does not teach identifying an identity service in any manner. 

The Examiner then asserts that Knouse, para [0159] teaches an identity service 
that manages resource data and locating the resource using the resource data. That 
paragraph is reproduced below to illustrate the Examiner's mistake. 



[0159] FIG. 23 provides a flow chart of a method for determining whether 
a requested resource is protected (see step 753 of FIG. 22). In one 
embodiment, the steps of FIG. 23 are performed by resource protected 
event handler 508 and Access Server 34. In step 830, Web Gate 28 
determines whether an entry for the requested resource is found in 
resource cache 502. If an entry is found, the cache entry is examined in 
step 842 to determine whether the cache entry indicates that the resource 
is protected (step 832) or unprotected (step 840). If an entry for the 
requested resource is not found in resource cache 502, then Web Gate 28 
passes the URL of the requested resource request method to Access 
Server 34 in step 833. Access Server 34 attempts to map the requested 
resource to a policy domain using URL prefix cache 564 (step 836). 

Knouse, para [0159]. 

The cited paragraph mentions nothing of an identity service that manages 
resource data or locating a resource using resource data. The paragraph simply 
describes a method in which a web gate determines if a cache contains an entry for a 
resource. If so, that cache entry indicates whether the resource is protected or not 
protected. The cache entry doe NOT include information for locating the resource. 

Such information is not needed because the URL for Knouse's requested 
resource is already known as evidenced by steps 830 and 833 in Knouse's Fig. 23. In 
step 830 it is determined if the resource is found in the cache. If not, the URL for the 
resource is sent to an access server in step 833. Plainly, the information for locating the 
requested resource is already known, so Knouse's "resource cache' is not used to 
locate a resource. 

As such, Knouse also fails to teach or suggest an identity service that manages 
resource data and locating the resource using the resource data. 
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For at least these reasons, Claim 1 is patentable over Knouse. Claims 2-4 are 
also patentable over Knouse due at least in part to their dependence from Claim 1 . 

Claim 5 is directed to a method for locating a resource for a user and recites the 
following acts: 

1 . providing an interface having instructions to send association data to two or more 
association services; 

2. identifying from the two or more association services, an association service with 
which the user has established a relationship; 

3. identifying an identity service using the association data sent to the identified 
association service, the identity service managing resource data; and 

4. locating the resource using the resource data. 

Citing Knouse, the Examiner contends that the act of providing an interface 

having instructions to send association data to two or more association services is 

taught by Knouse, para [0017]. That paragraph, reproduced below, mentions nothing of 

providing an interface that has instructions for sending association data let alone 

instructions for sending association data to two or more association services. 

[0017] Another embodiment of the present invention includes a method 
for providing access services by an application without a web agent front 
end The method includes receiving an electronic request from a first user 
to access a first resource. The step of receiving includes receiving 
information from a cookie. The application provides the information from 
the cookie to an access system interface and requests the access system 
interface to authorize the first user to access the first resource based on 
information from the user's request and based on the information from the 
cookie. 

Knouse, para. [0017]. 

The cited paragraph simply mentions that a request from a user to access a 
resource includes a cookie. The Examiner equates this cookie with the association data 
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recited in Claim 1 . There is absolutely no mentions of sending a cookie to two or more 
association services. 



Citing Knouse, the Examiner contends that the act of identifying from the two or 
more association services, an association service with which the user has established a 
relationship is taught by Knouse, para [0217]. That paragraph is reproduced below to 
illustrate the Examiner's mistake. 



[0217] FIG. 34 provides a flow chart describing a method for performing 
form authentication (step 1 130 of FIG. 30). In one embodiment, the steps 
of FIG. 34 are performed by authentication event handler 512, redirection 
event handler 504, browser 12, and authentication module 540. In step 
1308, authentication event handler 512 sets a "form login" cookie on 
browser 12. The cookie includes the URL of the requested resource. 
Authentication event handler 512 then redirects browser 12 to an 
authentication form URL (step 1310). In step 1312, Web Gate 28 allows 
the authentication form referenced by the authentication form URL to pass 
to browser 12. The user then fills out the authentication form (step 1 31 4) 
and transmits (e.g. post data) the information from the authentication form 
(step 1316), passing the form login cookie previously set in step 1308. 
Authentication event handler 512 then extracts the URL of the requested 
resource from the form login cookie (step 1318), and passes the user ID 
and password filled out by the user in the authentication form (submitted 
as POST data) to Access Server 34 (step 1320). 



Knouse, para. [0217]. 

The cited paragraph simply discusses authentication of a user. It mentions 
nothing of identifying one of two or more association services with which a user has 
established a relationship. 

The Examiner then asserts that Knouse , para [0226] teaches the act of 
identifying an identity service using the association data. That paragraph is reproduced 
below to illustrate the Examiner's mistake. 



[0226] In one embodiment, the information stored by cookie 1450 
includes the authentication level 1452 of the authentication scheme used 
to create the cookie, the user ID 1454 of the authenticated user, the IP 
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address 1456 of the authenticated user, and session start time 1458 
identifying the time at which cookie 1450 was created. If the time elapsed 
since the session start time 1458 exceeds a maximum session time, the 
cookie will become invalid. Idle start time 1460 is also stored, which 
identifies the time when the previous HTTP request for a protected 
resource was made in which cookie 1450 was passed. If the time elapsed 
since the idle start time 1460 exceeds a maximum idle time, the cookie will 
become invalid. Both of these time limits force users to re-authenticate if 
they have left a session unattended for longer than the maximum session 
or idle times. Cookie 1450 also stores a secured hash 1462 of information 
1452, 1454, 1456, 1458, and 1460. In one embodiment of the present 
invention, secured hash 1462 is created using an MD5 hashing algorithm. 
Most Internet browsers cache a user's supplied authentication information 
during basic and certificate authentication challenge methods, and then 
transparently re-send the information upon receiving an authentication 
challenge from a Web Server. In one embodiment, an administrator can 
enable a form authentication challenge method requiring end users to re- 
authenticate upon expiration of the maximum session or maximum idle 
time limits. 



Knouse, para [0226]. 

The cited paragraph mentions that a cookie includes an authentication level, an 
authentication scheme, a user ID, the IP address of the user, a session start time, and 
an idle start time. An example of such a cookie is shown in Knouse's Fig. 37 
reproduced below. 
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Authentication level -1 4 52 

User ID \ — -1 454 



User's fP address 

Session start time ~~~|— Li 458 

idle start time ^460 

Secured hash | — - —1 462 

FIG. 37 



Plainly, Knouse's cookie does not include any information for identifying an identity 
service. As such Knouse does not teach identifying an identity service in any manner. 

The Examiner then asserts that Knouse, para [0159] teaches an identity service 
that manages resource data and locating the resource using the resource data. That 
paragraph is reproduced below to illustrate the Examiner's mistake. 



[01 59] FIG. 23 provides a flow chart of a method for determining whether 
a requested resource is protected (see step 753 of FIG. 22). In one 
embodiment, the steps of FIG. 23 are performed by resource protected 
event handler 508 and Access Server 34. In step 830, Web Gate 28 
determines whether an entry for the requested resource is found in 
resource cache 502. If an entry is found, the cache entry is examined in 
step 842 to determine whether the cache entry indicates that the resource 
is protected (step 832) or unprotected (step 840). If an entry for the 
requested resource is not found in resource cache 502, then Web Gate 28 
passes the URL of the requested resource request method to Access 
Server 34 in step 833. Access Server 34 attempts to map the requested 
resource to a policy domain using URL prefix cache 564 (step 836). 



Knouse, para [0159]. 
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The cited paragraph mentions nothing of an identity service that manages 
resource data or locating a resource using resource data. The paragraph simply 
describes a method in which a web gate determines if a cache contains an entry for a 
resource. If so, that cache entry indicates whether the resource is protected or not 
protected. The cache entry doe NOT include information for locating the resource. 

Such information is not needed because the URL for Knouse's requested 
resource is already known as evidenced by steps 830 and 833 in Knouse's Fig. 23. In 
step 830 it is determined if the resource is found in the cache. If not, the URL for the 
resource is sent to an access server in step 833. Plainly, the information for locating the 
requested resource is already known, so Knouse's "resource cache' is not used to 
locate a resource. 

As such, Knouse also fails to teach or suggest an identity service that manages 
resource data and locating the resource using the resource data. For at least this 
reason, Claim 5 is patentable over Knouse. 

Claim 9 is directed to a computer readable medium having instructions for 
implementing the method of Claim 1 . For at least the same reasons Claim 1 is 
patentable, so are Claim 9 and Claims 10-12 which depend from Claim 9. 

Claim 13 is directed to a computer readable medium having instructions for 
implementing the method of Claim 5. For at least the same reasons Claim 5 is 
patentable, so is Claim 13. 

Claim 17 is direct to a system for locating a resource, and recites the following 
elements: 

1 . an association module operable to query an association service, supplying a 
session identifier, in order to identify an identity service managing resource data; 
and 

2. an application operable to: 
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a. provide an interface having instructions to send association data to the 
association service, the association data to contain a client identifier and a 
session identifier for the provided interface; 

b. acquire resource data from an identity service identified by a query from 
the association module; and 

c. locate the resource using the resource data. 

In short, Claim 17 recites a system capable of implementing the method of Claim 1 . For 
at least the same reasons Claim 1 is patentable, so is Claim 17 and Claim 18 which 
depends from Claim 17. 

Claim 24 is directed to system for implementing the method of Claim 1 . For at 
least the same reasons Claim 1 is patentable, so is Claim 24. 



Grounds For Rejection C - Claims 4, 6, 12, and 14 stand rejected under 35 
USC §103 as being unpatentable over US Pub 2003/0074580 to Knouse in view 
of US Pub 2004/0015580 to Lu. 

Claim 4 depends from Claim 1 . For at least the same reasons Claim 1 is 
patentable, so is Claim 4. 

Claim 6 is directed to a method, in a computer network, for locating a resource 
and recites the following acts: 

1 . providing a web page having instructions to request a web bug; 

2. requesting the web bug sending a cookie and an URL for the web page; 

3. saving the cookie and the URL for the web page as an entry in an association 
table; 

4. querying, providing the URL for the web page, the association table for the 
cookie in the entry containing the URL; 
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5. identifying other entries in the association table containing the cookie; 

6. identifying from those entries an entry containing an URL for an identification 
service, the identification service managing resource data; and 

7. locating the resource using the resource data. 



The Examiner asserts that Knouse, para [0202] teaches the acts of saving the 
cookie and the URL for the web page as an entry in an association table and querying, 
providing the URL for the web page, the association table for the cookie in the entry 
containing the URL identifying an identity service using the association data. That 
paragraph is reproduced below to illustrate the Examiner's mistake. 



[0202] In the simplest case, all of an e-business host company's Web 
Servers will be in the same domain (i.e. oblix.com). When a user 
successfully authenticates at one of the Web Servers, the Web Gate 
running on the authenticating Web Server causes the Web Server to 
return an encrypted cookie, indicating a successful authentication. 
Subsequent requests by the browser to the domain will pass this cookie 
(assuming the cookie applies to the requested URL), proving the user's 
identity; therefore, further authentications are unnecessary. 



Knouse, para [0202]. 

The passage clearly mentions NOTHING of saving a cookie and an URL in an 
association table or providing the URL for the web page to query the association table 
for the cookie in the entry containing the URL. 

The Examiner asserts that Knouse, para. [0156] teaches the act of identifying 
other entries in the association table containing the cookie. That paragraph is 
reproduced below to illustrate the Examiner's mistake. 



[01 56] FIG. 22 provides a flow chart for one embodiment of a method for 
authenticating, authorizing, and logging. In step 750, a user's browser 12 
requests a web-enabled resource 22 or 24. The request is intercepted by 
Web Gate 28 in step 752. The method then determines whether the 
requested resource is protected by an authentication and/or authorization 
rule in step 753. If the resource is not protected, then access is granted to 
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the requested resource in step 795. If the requested resource is protected 
however, the method proceeds to step 754. If the user has previously 
authenticated for a protected resource in the same domain, a valid 
authentication cookie will be passed by browser 12 with the request in 
step 750 and intercepted by Web Gate in step 752. If a valid cookie is 
received (step 754), the method attempts to authorize the user in step 
756. If no valid authorization cookie is received (step 754), the method 
attempts to authenticate the user for the requested resource (step 760). 



Knouse, para [0156]. This cited paragraph mentions NOTHING of identifying other 
entries in the association table containing the cookie. The paragraph simply discusses 
a determination of whether or not a valid cookie is received. 



The Examiner asserts that Knouse, paras. [0128]-[0129] teach the act of 
identifying from those entries an entry containing an URL for an identification service, 
the identification service managing resource data. Those paragraphs are reproduced 
below to illustrate the Examiner's mistake. 



[0128] FIG. 14 provides a block diagram of Web Gate 28. In one 
embodiment, Web Gate 28 is a Web Server plug-in running on Web 
Server 18. In another embodiment, Web Gate 28 is an NSAPI Web Server 
plug-in. In another embodiment, Web Gate 28 is an ISAPI Web Server 
plug-in. In still a further embodiment, Web Gate 28 is an Apache Web 
Server plug-in. In another embodiment, a plurality of Web Gates 
conforming to different plug-in formats are distributed among multiple Web 
Servers. 

[0129] Resource cache 502 caches authentication information for 
individual resources. The information stored in resource cache 502 
includes: request method, URL, retainer 505, and audit mask 503. In one 
embodiment of the present invention, audit mask 503 is a four bit data 
structure with separate bits identifying whether authentication and/or 
authorization successes and/or failures are audited (logged) for a given 
resource. 



Knouse, paras. [0128]-[0129]. 

These paragraphs describe a web gate that is web server or web server plug-in 
and a resource cache that caches authentication information for resources. Te 
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paragraphs mention nothing of identifying an entry in an association table that contain 
an URL for an identification service. 

Lu fails to address Knouse's deficiencies noted above. For at least these 
reasons, Claim 6 is patentable over Knouse and Lu. 

Claim 12 depends from Claim 9. For at least the same reasons Claim 9 is 
patentable, so is Claim 12. 

Claim 14 is direct to is directed to a computer readable medium having 
instructions for implementing the method of Claim 6. For at least the same reasons 
Claim 6 is patentable, so is Claim 14. 

Conclusion: In view of the foregoing remarks, the Applicant respectfully submits 
that the pending claims are in condition for allowance. Consequently, early and 
favorable action allowing these claims and passing the application to issue is earnestly 
solicited. The foregoing is believed to be a complete response to the outstanding Office 
Action. 



Respectfully submitted, 
Gregory Eugene Perkins, et al. 



By /Jack H. McKinnev/ 
Jack H. McKinney 
Reg. No. 45,685 

April 16, 2007 
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APPENDIX OF CLAIMS INVOLVED IN THE APPEAL 



1 . (original) In a computer network, a method for locating a resource, comprising: 
providing an interface having instructions to send association data; 
identifying an identity service using the association data, the identity service 

managing resource data; and 

locating the resource using the resource data. 

2. (original) The method of Claim 1, further comprising performing a specified 
task utilizing the resource. 

3. (original) The method of Claim 1 , wherein the association data includes a 
client identifier and a session identifier associated with the interface, and wherein the 
act of identifying comprises: 

providing the session identifier associated with the interface, identifying the client 

identifier included in the association data; 

identifying other association data containing that client identifier; and 
acquiring at least a portion of the session identifier included in the other 

association data. 

4. (original) The method of Claim 1 , wherein the act of providing comprises 
providing a web page having instructions to request a web bug sending association data 
containing a cookie and an URL for the web page; and 

wherein the act of identifying comprises: 

providing the URL to identify the association data containing the cookie; 
identifying other association data containing the cookie; and 

acquiring an URL for the identity service from the identified association 

data. 

5. (original) In a computer network, a method for locating a resource for a user, 
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comprising: 

providing an interface having instructions to send association data to two or more 
association services; 

identifying from the two or more association services, an association service with 
which the user has established a relationship; 

identifying an identity service using the association data sent to the identified 
association service, the identity service managing resource data; and 

locating the resource using the resource data. 

6. (original) In a computer network, a method for locating a resource comprising: 
providing a web page having instructions to request a web bug; 

requesting the web bug sending a cookie and an URL for the web page; 
saving the cookie and the URL for the web page as an entry in an association 

table; 

querying, providing the URL for the web page, the association table for the 
cookie in the entry containing the URL; 

identifying other entries in the association table containing the cookie; 

identifying from those entries an entry containing an URL for an identification 
service, the identification service managing resource data; and 

locating the resource using the resource data. 

7. (original) A method for producing an electronic document, comprising: 
generating, upon request from a user, a web page having content for requesting 

a web bug from an association service as well as content for displaying controls for 
selecting production options; 

querying the association service to identify an identity service with which the user 
is registered providing an URL for the generated web page; 

obtaining the user's resource data from the identified identity service; 

locating and accessing a document management service using the resource 

data; 
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providing additional content for the web page for displaying controls for selecting 
a document managed by the document management service; and 

producing a document according to selections made through the web page. 

8. (original) The method of Claim 7, wherein: 

the act of generating comprises generating a web page having instructions to 
request a web bug sending, to the association service association, data containing a 
cookie and an URL for the web page; 

the method further comprises saving the association data as an entry in an 
association table; 

the act of querying further comprises identifying the cookie in the saved entry 
using the provided the URL, identifying other association data containing the identified 
cookie, and, from the other identified association data, acquiring an URL for the identity 
service; and 

the act of obtaining the user's resource data comprises obtaining the user's 
resource data from the identified identity service using, at least in part, the acquired 
URL. 

9. (original) A computer readable medium having instructions for: 
providing an interface having instructions to send association data; 
identifying an identity service using the association data, the identity service 

managing resource data; and 

locating a resource using the resource data. 

10. (original) The medium of Claim 9, having further instructions for performing a 
specified task utilizing the resource. 

1 1 . (original) The medium of Claim 9, wherein the association data includes a 
client identifier and a session identifier associated with the interface, and wherein the 
instructions for identifying comprise instructions for: 
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providing the session identifier associated with the interface, identifying the client 
identifier included in the association data; 

identifying other association data containing that client identifier; and 
acquiring the session identifier included in the other association data. 

12. (original) The medium of Claim 9, wherein the instructions for providing 
comprise instructions for providing a web page having instructions to request a web bug 
sending association data containing a cookie and an URL for the web page; and 

wherein the instructions for identifying comprise instructions for: 

providing the URL to identify the association data containing the 
cookie; 

identifying other association data containing the cookie; and 
acquiring, from the identified association data, an URL for the 
identity service. 

13. (original) A computer readable medium having instructions for: 

providing an interface having instructions to send association data to two or more 
association services; 

identifying from the two or more association services, an association service with 
which a user has established a relationship; 

identifying an identity service using the association data sent to the identified 
association service, the identity service managing resource data; and 

locating a resource for the user using the resource data. 

14. (original) A computer readable medium having instructions for: 
providing a web page having instructions to request a web bug; 
requesting the web bug sending a cookie and an URL for the web page; 
saving the cookie and the URL for the web page as an entry in an association 

table; 

querying, providing the URL for the web page, the association table for the 
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cookie in the entry containing the URL; 

identifying another entries in the association table containing the cookie; 

identifying, from those entries, the entry containing an URL for an identification 
service, the identification service managing resource data; and 

locating a resource using the resource data. 

15. (original) A computer readable medium having instructions for: 
generating, upon request from a user, a web page having content for requesting 

a web bug from an association service as well as content for displaying controls for 
selecting production options; 

querying the association service to identify an identity service with which the user 
is registered providing an URL for the generated web page; 

obtaining the user's resource data from the identified identity service; 

locating and accessing a document management service using the resource 

data; 

providing additional content for the web page for displaying controls for selecting 
a document managed by the document management service; and 

producing a document according to selections made through the web page. 

16. (original) The medium of Claim 15, wherein: 

the instructions for generating comprise instructions for generating a web page 
having instructions to request a web bug sending to the association service association 
data containing a cookie and an URL for the web page; 

the medium having further instructions for saving the association data as an entry 
in an association table; 

the instructions for querying further comprise instructions for identifying the 
cookie in the saved entry using the provided the URL, identifying other association data 
containing the identified cookie, and, from the other identified association data, 
acquiring an URL for the identity service; and 

the instructions for obtaining the user's resource data comprise instructions for 
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obtaining the user's resource data from the identified identity service using, at least in 
part, the acquired URL. 

17. (original) A system for locating a resource, comprising: 

an association module operable to query an association service, supplying a 
session identifier, in order to identify an identity service managing resource data; and 
an application operable to: 

provide an interface having instructions to send association data to 
the association service, the association data to contain a client identifier 
and a session identifier for the provided interface; 

acquire resource data from an identity service identified by a query 
from the association module; and 

locate the resource using the resource data. 

18. (original) The system of Claim 17, wherein: 

the application is further operable to provide the interface in the form of a web 
page having instructions to send association data containing a cookie and the URL for 
the provided web page; and 

the association module is further operable to provide the URL and query the 
association service for an URL for the identity service. 

19. (original) A document production system, comprising: 

an association module operable to query an association service, supplying a 
session identifier in order to identify an identity service managing resource data; and 
a document production application operable to: 

provide an interface having content for sending association data 
containing a session identifier for the provided interface to an association 
service as well as content for displaying controls for selecting production 
options; 

acquire resource data from an identity service identifier identified by 
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a query from the association module; 

locate and access a document management service using the 
resource data; and 

provide, for the interface, additional content for displaying controls 
for selecting a document managed by the document management service; 
and 

produce a document according to selections made through the 
interface. 



20. (original) A system for locating a resource, comprising: 
an identity service operable to manage resource data; 

an association server operable to receive association data containing a client 
identifier and a session identifier, save the association data in an association table, and 
receive queries for the association table; 

an association table interface in communication with the association server and 
operable, according to a received query, to access from the association table a session 
identifier for the identity service using a session identifier supplied with the query; 

an association module operable to query, supplying a session identifier, the 
association service in order to identify the identity service; 
an application operable to: 

provide an interface having instructions to send association data to 
an association server, the association data to contain a client identifier and 
a session identifier for the provided interface; 

acquire resource data from the identity service identified by a query 
from the association module; and 

locate the resource using the resource data. 

21 . (original) The system of Claim 20, wherein: 

the application is further operable to provide the interface in the form of a web 
page having instructions to send association data containing a cookie and the URL for 
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the provided web page; 

the association module is further operable to provide the URL interface and 
query the association service for an URL for the identity service; and 

the association table interface is further operable to locate an entry in the 
association table containing the provided URL, identify the cookie in the located entry, 
identify other entries containing that cookie, and, from those other entries, acquire an 
URL for the identity service; and 

the application is further operable to use the acquired URL to acquire resource 
data from the identity service. 

22. (original) A document production system, comprising: 
a document management service; 

an identity service operable to manage resource data for locating and accessing 
the document management service; 

an association server operable to receive association data containing a client 
identifier and a session identifier, save the association data in an association table, and 
receive queries for the association table; 

an association table interface in communication with the association server and 
operable, according to a received query, to access from the association table a session 
identifier for the identity service using the session identifier supplied with the query; 

an association module operable to query, supplying a session identifier, the 
association service in order to identify the identity service; 
a document production application operable to: 

provide an interface having content for sending association data 
containing a client identifier and a session identifier for the provided 
interface to an association service as well as content for displaying 
controls for selecting production options; 

acquire resource data from an identity service using the session 
identifier for the identity service identified by a query from the association 
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module; 

locate and access the document management service using the 
resource data; 

provide, for the interface, additional content for displaying controls 
for selecting a document managed by the document management service; 
and 

produce a document according to selections made through the 
interface. 

23. (original) The system of Claim 22, wherein: 

the association table interface is further operable to locate an entry in the 
association table containing the session identifier supplied with a query, identify the 
client identifier in the located entry, identify other entries containing that client identifier, 
and, from those other entries, acquire a session identifier for the Identity service; and 

the document production application is further operable to use the acquired 
session identifier for the identity service to acquire resource data from the identity 
service. 

24. (original) A system for locating a resource, comprising: 

a means for querying, supplying a session identifier, an association service in 
order to identify an identity service managing resource data; 

a means for providing an interface having instructions to send association data to 
the association service, the association data to contain a client identifier and a session 
identifier for the provided interface; 

a means for acquiring resource data from an identity service identified by a 
query; and 

a means for locating the resource using the resource data. 

25. (original) A document production system, comprising: 

a means for querying, supplying a session identifier, an association service in 
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order to identify an identity service managing resource data; 

a means for providing an interface having content for sending association data 
containing a session identifier for the provided interface to the association service as 
well as content for displaying controls for selecting production options; 

a means for acquiring resource data from an identity service identifier identified 
by a query; 

a means for locating and accessing a document management service using the 
resource data; 

a means for providing, for the interface, additional content for displaying controls 
for selecting a document managed by the document management service; and 
a means for producing a document according to selections made through the interface. 
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Evidence Appendix 

There is no extrinsic evidence to be considered in this Appeal. Therefore, 
no evidence is presented in this Appendix. 
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Related Proceedings Appendix 

There are no related proceedings to be considered in this Appeal. Therefore, no 
such proceedings are identified in this Appendix. 
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